Vulnerability Details CVE-2018-12636
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.484
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://wordpress.org/plugins/better-wp-security/#developers
- https://www.exploit-db.com/exploits/44943/
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://wordpress.org/plugins/better-wp-security/#developers
- https://www.exploit-db.com/exploits/44943/
Products affected by CVE-2018-12636
-
cpe:2.3:a:ithemes:security:5.6.0
-
cpe:2.3:a:ithemes:security:5.6.1
-
cpe:2.3:a:ithemes:security:5.6.2
-
cpe:2.3:a:ithemes:security:5.6.3
-
cpe:2.3:a:ithemes:security:5.6.4
-
cpe:2.3:a:ithemes:security:5.7.0
-
cpe:2.3:a:ithemes:security:5.7.1
-
cpe:2.3:a:ithemes:security:5.8.0
-
cpe:2.3:a:ithemes:security:5.8.1
-
cpe:2.3:a:ithemes:security:5.9.0
-
cpe:2.3:a:ithemes:security:6.0.0
-
cpe:2.3:a:ithemes:security:6.1.0
-
cpe:2.3:a:ithemes:security:6.1.1
-
cpe:2.3:a:ithemes:security:6.2.0
-
cpe:2.3:a:ithemes:security:6.2.1
-
cpe:2.3:a:ithemes:security:6.3.0
-
cpe:2.3:a:ithemes:security:6.4.0
-
cpe:2.3:a:ithemes:security:6.5.0
-
cpe:2.3:a:ithemes:security:6.5.1
-
cpe:2.3:a:ithemes:security:6.6.0
-
cpe:2.3:a:ithemes:security:6.6.1
-
cpe:2.3:a:ithemes:security:6.7.0
-
cpe:2.3:a:ithemes:security:6.8.0
-
cpe:2.3:a:ithemes:security:6.8.1
-
cpe:2.3:a:ithemes:security:6.9.0
-
cpe:2.3:a:ithemes:security:6.9.1
-
cpe:2.3:a:ithemes:security:6.9.2
-
cpe:2.3:a:ithemes:security:7.0.0
-
cpe:2.3:a:ithemes:security:7.0.1
-
cpe:2.3:a:ithemes:security:7.0.2